Abstract
This article discusses the attempt to develop global data protection regulatory activity through the network of privacy commissioners and their agencies at the highest international levels. It describes the trajectory of forming a common outlook, identity, and infrastructure for regulatory enforcement amongst data protection authorities (DPAs) in recent years, and considers the value of analytic approaches to carry research forward.
Acknowledgements
This article is a companion piece to Raab (Citation2010). It has not been possible to update the information it contains beyond the end of 2009. I would like to thank the Hanse-Wissenschaftskolleg (Institute for Advanced Study) in Delmenhorst, Germany for the excellent facilities available to me during my Fellowship in May and June 2009; the Carnegie Trust for the Universities of Scotland for financial assistance; and current and former members of Data Protection Authorities, including Alexander Dix, Peter Harris, Hansjürgen Garstka, David Loukidelis, Peter Schaar, Marie Shroff, David Smith, Blair Stewart, Nigel Waters and Thilo Weichert, for discussions and other assistance.
Notes
1. http://www.privacyconference2007.gc.ca/Terra_Incognita_resolutions_ngo_E.html (accessed May 28, 2009).
2. The Article 29 Working Party, established by the 1995 European Union Data Protection Directive 95/46/EC, is a partial exception. Space does not permit extensive discussion of its role, but see Newman (this issue).
3. But see Flaherty (Citation1989), Bennett (Citation1992), Stewart (Citation1997), Bennett and Raab (Citation2006), Newman (Citation2008), and Newman (this issue).
4. See the activity under the auspices of Privacy Laws & Business, at: http://www.privacylaws.com/templates/Events.aspx?id=364 (accessed May 25, 2009). The International Association of Privacy Professionals (IAPP) “is the world's largest association of privacy professionals, representing more than 6,000 members from businesses, governments and academic institutions across 47 countries”; see https://www.privacyassociation.org/index.php (accessed May 25, 2009). They offer a credentialing scheme and host international conferences.
5. See Stone Sweet et al. (Citation2001), and Steinmo (Citation2008), summarizing institutionalist approaches.
6. For some of this, see Newman (Citation2008), Raab (Citation2010) and Newman (this issue).
7. See http://www.edps.europa.eu/EDPSWEB/edps/site/mySite/pid/99 (accessed May 12, 2009); http://www.privacycommission.be/en/international/berlin-telecom (accessed June 7, 2009); http://www.datenschutz-berlin.de/content/europa-international/international-working-group-on-data-protection-in-telecommunications-iwgdpt (accessed June 7, 2009). The latter website links to a large document in German and English, “International Documents on Data Protection in Telecommunications and Media 1983–2006”, providing texts of all Common Positions (later called Working Papers) and other outputs from the first 40 meetings, through 2006.
8. http://www.gov.im/lib/docs/odps//madridresolutionnov09.pdf (accessed November 4, 2010).
9. http://www.privacyconference2007.gc.ca/PRIVACY-191481-v1-RESOLUTION_GUIDELINES.pdf (accessed May 28, 2009).
10. http://www.privacyconference2005.org/fileadmin/PDF/montreux_declaration_e.pdf (accessed May 12, 2009).
11. http://www.privacy.org.nz/28th-international-conference-of-data-protection-and-privacy-commissioners/ (accessed May 11, 2009).
12. “Communicating Data Protection and Making it More Effective”, available at: http://www.edps.europa.eu/EDPSWEB/webdav/shared/Documents/Cooperation/Conference_int/06-11-03_London_initiative_EN.pdf (accessed May 11, 2009).
13. Ibid., 5.
14. http://www.privacyconference2007.gc.ca/Resolution%20on%20Global%20cooperation%20-English.pdf (accessed May 28, 2009).
15. http://www.oecd.org/dataoecd/43/28/38770483.pdf (accessed May 12, 2009).
16. Ibid., 7.
17. Ibid., 11.
18. http://www.privacyconference2007.gc.ca/Working%20Group%20Resolution_english.pdf (accessed May 28, 2009).
19. http://www.privacyconference2007.gc.ca/country_reports/NEW%20ZELAND%20-%20ENGLISH.pdf (accessed May 28, 2009).
20. A relatively new three-person Credentials Committee was initially chaired for five years by the New Zealand DPA, working with a subgroup to decide on accrediting new DPAs to annual meetings. However, a consolidated list of accredited DPAs is not available at the time of writing. See the document of the 2001 Paris Conference, amended at the 2002 Cardiff Conference, at http://www.privacyconference2007.gc.ca/PRIVACY-190100-v1-Accreditation_principles_and_committee_rules_ENG.pdf (accessed May 28, 2009). Item A7 of this document states that members of the Committee bear their own costs.
21. http://www.privacyconference2007.gc.ca/Working%20Group%20Resolution_english.pdf (accessed May 28, 2009), Section F.
22. See the resolution adopted at the 2005 Montreux Conference, at http://www.privacyconference2008.org/pdf/resolution_concerning_en.pdf (accessed May 29, 2009).
23. A resolution on this, proposing the establishment of a steering group, was passed at the 30th Annual Conference in Strasbourg in 2008. See http://www.privacyconference2008.org/adopted_resolutions/STRASBOURG2008/resolution_steering_group_en.pdf (accessed June 6, 2009).
24. https://www.agpd.es/portalweb/privacyconference2009/documentacion/common/report_credentials_committee_en.pdf (accessed May 28, 2009).
25. The New Zealand Privacy Commissioner's website, http://www.privacy.org.nz/privacy-awareness-week/ (accessed May 12, 2009), explained with respect to the week of May 3–9, 2009, that “Privacy Awareness Week is run in partnership with … APPA”. The week would “see a variety of programs and initiatives hosted by public and private sector organisations from across the Asia-Pacific region to promote awareness of privacy rights and responsibilities”. The first such Week was held in 2007.
26. The third annual Data Protection Day was held on January 28, 2009. The Council of Europe urged that “events should be organised all over Europe to raise awareness on data protection and inform citizens of their rights and of good practices, thereby enabling them to exercise these rights more effectively”, see http://www.coe.int/t/e/legal_affairs/legal_co%2Doperation/data_protection/Default_DP_Day_en.asp#TopOfPage (accessed May 12, 2009).
27. http://www.edps.europa.eu:80/EDPSWEB/webdav/site/mySite/shared/Documents/Cooperation/Conference_int/08-10-17_Strasbourg_DPDay_EN.pdf (accessed May 12, 2009). At Madrid, DPAs appeared to be unable to agree on a common date for a global event, and no final decision was taken.
28. Ibid., 1.
29. European Commission (Citation2009), a recent European Commission research report, describes the existing state of promotional and communication activities among EU member states. The author was a sub-contractor to KANTOR for this project.
30. http://www.lda.brandenburg.de/sixcms/media.php/3509/resolution_website_working_group_en.pdf (accessed May 12, 2009).
31. http://www.privacyconference2008.org/adopted_resolutions/STRASBOURG2008/resolution_international_standards_en.pdf (accessed May 12, 2009).
32. See “Global Privacy Standards for a Global World – The Madrid Privacy Declaration, 3 November 2009”, http://thepublicvoice.org/madrid-declaration/ (accessed November 10, 2009).
33. See Center for Democracy and Technology, “Policy Post 15.17, November 10, 2009”, at: http://www.cdt.org/publications/policyposts/2009/17 (accessed November 16, 2009).
34. See “Resolution Proposed by the Website Working Group”, at: http://www.privacyconference2010.org/upload/2009%20-%20Resolution%20proposed%20by%20the%20Website%20Working%20Group.pdf (accessed November 4, 2010).